I've got an old film camera that uses a cable to connect to a PC. The camera records information like shutter speed, lens used, flash fired, focal length, etc. I'd like to download this information and keep it with my photos. The software that comes with this cable works only on Windows XP. I'm trying to get something that will work with a Python script on Linux, ideally.

My first thought was to capture some USB/serial traffic and see what is sent and received. After several tries, I got some data captured. However, I can't really understand what is going on. It's rather cryptic to me.

List of Details:

In Windows XP the device shows up as using COM3/4, hence I think it is a serial device over USB. I couldn't get Portmon to capture anything at all.

I tried capturing USB traffic in VMware logs; this worked, but it's cryptic and doesn't look terribly helpful.

I was hoping to get a set of commands that are available on this device to send and receive various pieces of data. Are there any good suggestions/tips/tricks that you can offer to get me started down a successful path? I know this will be trial and error, but what else can I try? Maybe the data I have is sufficient and I need to interpret it somehow?

1 Answer

Reversing a USB protocol can be a daunting task, but some tools can provide a lot of help. Wireshark understands the USB protocol and can help you make sense of a capture. I have only used it on Linux, but the wiki provides instructions for Windows too. I suggest you always run Windows XP in the VM and capture on the host; it usually makes things easier. You will need to familiarize yourself with the USB protocol; USB in a Nutshell is a good place to start.

Alternatively, you can try to directly capture the traffic at the COM port; see this post. It should be much simpler, assuming you can make it work, because it will give you much higher-level information.
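
As an added example (not part of the answer above): when the capture is taken on a Linux host, the kernel's usbmon text interface, the same facility Wireshark reads from on Linux, can be reduced to the serial byte stream with a short Python parser. It assumes the cable moves its data over bulk endpoints, as USB-serial adapters typically do; the bus and device numbers and all sample bytes are constructed.

```python
import re

# Constructed sample in the Linux usbmon text format (not real camera traffic).
SAMPLE = """\
ffff8800a1b2c300 1000000 S Bo:1:004:2 -115 4 = 10025201
ffff8800a1b2c300 1000150 C Bo:1:004:2 0 4 >
ffff8800a1b2c400 1000200 S Bi:1:004:1 -115 64 <
ffff8800a1b2c400 1002300 C Bi:1:004:1 0 6 = 10060031 3235
ffff8800a1b2c500 1002400 S Ci:1:004:0 s c0 05 0000 0000 0002 2 <
ffff8800a1b2c500 1002500 C Ci:1:004:0 0 2 = 0160
"""

# URB tag, timestamp (us), event (Submit/Callback/Error), then an address
# word: transfer type + direction : bus : device : endpoint.
LINE = re.compile(
    r"^\S+ (?P<ts>\d+) (?P<ev>[SCE]) (?P<xfer>[CZIB])(?P<dir>[io]):"
    r"(?P<bus>\d+):(?P<dev>\d+):(?P<ep>\d+) (?P<rest>.*)$")

def bulk_payloads(text, bus, dev):
    """Return [(timestamp_us, 'OUT'|'IN', data, truncated)] for one device."""
    result = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["xfer"] != "B":
            continue  # skip control, interrupt and isochronous transfers
        if (int(m["bus"]), int(m["dev"])) != (bus, dev):
            continue
        # Host-to-device bytes are logged on the submission of an OUT URB,
        # device-to-host bytes on the callback of an IN URB.
        if (m["dir"], m["ev"]) not in (("o", "S"), ("i", "C")):
            continue
        head, sep, words = m["rest"].partition(" = ")
        if not sep:
            continue  # data tag was '<' or '>': no bytes recorded here
        data = bytes.fromhex(words.replace(" ", ""))
        declared = int(head.split()[-1])  # real transfer length
        # The text interface records at most 32 data bytes per event.
        result.append((int(m["ts"]), "OUT" if m["dir"] == "o" else "IN",
                       data, len(data) < declared))
    return result

if __name__ == "__main__":
    for ts, direction, data, truncated in bulk_payloads(SAMPLE, bus=1, dev=4):
        print(f"{ts:>10} {direction:<3} {data.hex(' ')}{' ...' if truncated else ''}")
```

Lining up each OUT payload with the IN payload that follows it, while repeating one action in the vendor software, is what exposes the request/response pairs; entries flagged as truncated need the binary interface or a Wireshark capture to see the full payload.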